We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Antiquated privacy laws are haunting businesses that base their privacy policies on current statutory language. Most laws intended to protect individuals’ privacy rights were designed with decades-old technology in mind. While this problem has been gaining attention for its impact on individuals’ privacy rights, businesses have also felt the effect of archaic privacy laws. Due to the public’s overwhelmingly favorable views toward privacy rights, businesses are becoming increasingly vulnerable to distorted interpretations of outdated laws.

Approximately 93 percent of Americans believe it is important to control who has access to their information. As a result, when companies act in a way that goes against that belief, individuals (or often plaintiff’s attorneys) seek to hold the companies responsible even when current laws wouldn’t appear to support a legal action. Supporting the overwhelmingly strong public opinion in favor of privacy rights, courts have expanded privacy laws past their original interpretations to cover new technology – often at the expense of companies who believed they were following the letter of the law.

For example, Hearst Communications, Inc. (publisher of, among other magazines, Good Housekeeping and Cosmopolitan) is the latest magazine publisher to be sued for selling subscriber information to a third party. The class action is based on Michigan’s Video Rental Privacy Act. That law, passed in 1988, was designed to prevent publication of video and book rentals or purchases for fear that such publication could lead to embarrassment or censorship. Because magazines weren’t explicitly protected under the law (unlike videos and books), and because information given for the purposes of data mining and targeted advertising has traditionally been viewed as different from publication of the information, many magazine companies (including Time Inc., Bauer Publishing Co. and Meredith Corp.) were detrimentally unaware that the law would extend to them.

Similarly, when Google’s Street View was challenged for its collection of unencrypted Wi-Fi data, the Wiretap Act was the primary statutory authority used. This Act, part of the Electronic Communications Privacy Act, was originally adopted in 1968 to prevent wiretapping and unauthorized eavesdropping. Despite some updates to the law since 1968, unencrypted Wi-Fi data was not expressly protected under the Act. Instead, the court held that since the data was not readily accessible to the public, and didn’t fall into the radio communication exception, Google’s actions were unlawful.

These laws and many others were not designed to facilitate large changes in technology. Instead, their use is based on contorted interpretations meant to support the overwhelming public support for privacy. What this means is companies can no longer just ensure they are up to speed on privacy laws that directly relate to their business. Instead, companies are at risk if they don’t review all privacy regulations and take proactive measures to meet the public’s perception of appropriate privacy safeguards. Without those measures, companies are vulnerable to old laws coming to life in ways not previously foreseen.

Compare jurisdictions: BYOD: Bring Your Own Device

"Lexology is one of the few newsfeeds that I do actually look over as and when it comes in - the information is current; has good descriptive headings so I can see quickly what the articles relate to and is not too long."